allow_read authentication
Martin Geisler
mg at lazybytes.net
Fri Oct 30 03:40:36 CDT 2009
Conrad Shultz <conrad at catalyzethis.com> writes:
> Afriza N. Arief wrote:
>> have you tried to "Trick" Mercurial into asking for authentication:
>>
>> touch ~/hg/failed_auth.html
>>
>> assuming your hgwebdir.config and hgwebdir.cgi is in ~/hg/
>>
>> see also http://wiki.dreamhost.com/Mercurial
>
> Thanks for the ref.
>
> The failed_auth.html did not make any difference. However, based on
> the ref I re-examined my Apache configuration and discovered that I
> apparently needed to tell Apache to limit access to GET if I want to
> use allow_read.
Yes, hgweb is not doing any authentication itself. The script relies on
the frontend webserver (like Apache) to do the authentication using its
normal mechnisms (.htaccess files, "401 Unauthorized" headers, etc.).
After authentication, the request is passed on to hgweb, which then
check that the username set by the webserver is on the right allow_read
or allow_push list.
> At a minimum this should probably be documented, though I would really
> classify this as a bug since it means that it is not (easily) possible
> to serve read-restricted and read-allowed repositories under the same
> hgweb tree.
I've not looked at the documentation online, but it would be great if
you could fill in the holes in the wiki:
http://mercurial.selenic.com/wiki/PublishingRepositories
That would help others who end up in similar situations i the future.
--
Martin Geisler
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.
More information about the Mercurial
mailing list